DETAILED ACTION

1. This Office Action is responding to the Amendment received on 08/31/05.

2. Claims 1-22 are pending. 

3. Applicant has amended claims 8-11, 12, 16, 17, and 21 and overcame the
35 U.S.C. 101 rejection basis of descriptive material without being implemented in a
computer medium hardware. However, upon reexamination of the claims, a new
ground of 35 USC § 101 rejection basis brings the claims 8-10 back to a
non-statutory status. See the rejection basis below.

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any 
new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this 
title. 

5. The claimed invention is directed to non-statutory subject matter. Claims 8-10
recite a method for allowing the definition and configuration of NAT. The policy
configuration and IP address pool configuration do not produce a "useful,
concrete and tangible result." In order to be eligible for patent protection, the
claimed invention as a whole must accomplish a practical application. That is, it
must produce a "useful, concrete and tangible result." State Street, 149 F.3d at
1373-74, 47 USPQ2d at 1601-02. The claimed invention as a whole must be
useful and accomplish a practical application. That is, it must produce a "useful, 
concrete and tangible result." State Street, 149 F.3d at 1373-74, 47 USPQ2d at 
1601-02. The purpose of this requirement is to limit patent protection to 
inventions that possess a certain level of "real world" value, as opposed to 
subject matter that represents nothing more than an idea or concept, or is simply 
a starting point for future investigation or research (Brenner v. Manson, 383 U.S. 
519, 528-36, 148 USPQ 689, 693-96 (1966); In re Fisher, 421 F.3d 1365, 76
USPQ2d 1225 (Fed. Cir. 2005); In re Ziegler, 992 F.2d 1197, 1200-03, 26 
USPQ2d 1600, 1603-06 (Fed. Cir. 1993)). 



Claim Rejections - 35 USC § 103

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 1, 12, 13, 16, 18, 19 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Borella et al (US-6353614), hereinafter "Borella", in view of 
Jain et al (US-6047325), hereinafter "Jain" 

8. As per claims 1, 12, 13-16, 18, 19, 20 and 22, the previous office action rejection 
basis is maintained. Further, the implementation of NAT with VPN connection 
has also been considered in Borella invention (Col 16 lines 20-23). For more, 
Jain teaches the VPN connection setup utilizing the DHCP servers to assign IP 
address (Col 5 lines 13-39). Therefore, it would be obvious at the time the
invention was made for one having ordinary skill in the art to incorporate Borella's
Network Address Translation method with Jain's VPN connection method to
provide a secure connection over the Internet or Intranet. Since Borella
anticipated the implementation of NAT with VPN, incorporating NAT with
VPN would provide a double layer of security to the user. Further, Jain's
invention utilizes DHCP servers. The incorporation of NAT in Jain's DHCP
server would allow the VPN connection to be executed on one end of the
connection (Borella, Col 16 lines 20-23, and Jain, Col 5 lines 13-40).

9. As per claims 14 and 15, Claim 1 rejection basis is incorporated. Further, Borella 
does teach the implementation of NAT with VPN in (Col 16 lines 20-23). 
Therefore, the ICMP layer (Col 5 lines 5-14) and FTP (Col 2 lines 22-28)
implementation in NAT can also be implemented in the VPN NAT environment. 

10. Claims 2-7 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Borella et al (US-6353614) in view of Jain et al (US-6047325), and further in view 
of Arrow (US-6226751). 

11. As per claims 2-7, the previous written action rejection basis is maintained and 
further is incorporated the obviousness rejection of claim 1. Claims 2-7 are 
rejected. 

12. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over Arrow
(US-6226751).

13. As per claim 11, Arrow discloses method of providing customer tracking of VPN
NAT activities (Col 10 lines 17-20) as they occur in an operating system kernel
(Col 9 lines 35-40 and Col 10 lines 32-43). However, Arrow does not directly
disclose the steps of: responsive to VPN connection configuration, generating
journal records; updating said journal records with new records for each
datagram processed through a VPN connection; and enabling a customer to
manage said journal records. Nevertheless, Col 10 lines 17-20 teach the use of
the Simple Network Management Protocol to get the traffic statistics. It is obvious
at the time the invention was made for one of ordinary skill in the art to
recognize that the same protocol includes the claim feature completely.

14. Claims 8-11, 17, and 21 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Allied Telesyn, NAT, GRE, and Security Associations, May 
1998, Page 1-5, hereinafter "AT" 

15. As per claims 8, 17, and 21, AT discloses "A method for allowing the definition
and configuration of NAT directly with definition and configuration of Ipsec-based
VPN connections and VPN policy, comprising the steps executed by a digital
processor at one end of a VPN connection" on Page 1, 1st paragraph, "of
configurating the requirement for VPN NAT by a yes/no decision in a policy for
each of the three types of VPN NAT" on Page 2 (configuring the encryption key
for VPN connection), and Page 3 #5, and "configuring a remote IP address pool
or a server IP address pool selectively responsive to said yes/no decision for
each said VPN NAT type" on Page 3 #12-13. However, AT does not explain
clearly the said three types being VPN NAT type a outbound source IP NAT,
VPN NAT type c inbound source IP NAT, and VPN NAT type d inbound
destination IP NAT. Nevertheless, it would be obvious at the time the
invention was made for one having ordinary skill in the art to realize that the
configuration script for either Router A on page 3 and Router B on page 4 does
teach the three types VPN NAT claimed since one end of the connection has
NAT association with security policy set and further the outbound destination is a
network address translation (NAT) destination (Page 3-4 #15-16, and Page 5
#15-16). "The type a outbound source IP NAT, VPN NAT type c inbound source
IP NAT" is implied on page 3-4 #10-16, and Page 4-5 #10-16, and "VPN NAT
type d inbound destination IP NAT" is implied on page 3-4 lines 10-16. In
addition, AT is silent on the policy database for each type of VPN NAT.
Nevertheless, AT does disclose a method to enable GRE for both LAN
connections on page 3 #7-8, and Page 4 #7-8 for the inbound and outbound
connection security policies. Therefore, it would have been obvious at the time
the invention was made for one having ordinary skill in the art to realize that
the policy database must exist, because the configuration scripts do not restrict
to only one LAN VPN connection. Thus, a multiple LAN VPN connection will
require multiple scripts policy database to configure for each connection.

16. As per claim 9-10, AT discloses "the method of claim 8, further comprising the 
step of configuring a unique said remote IP address pool for each remote 
address to which a VPN connection will be required, whereby said remote IP 
address pool is keyed by a remote ID" on page 3 #12-13, and #7. 

17. As per claim 11, AT discloses "A method of providing customer tracking of VPN
NAT activities as they occur in an operating system kernel, comprising the steps
executed at one end of a VPN connection of: responsive to VPN connection
configuration, generating journal records; updating said journal records with new
records for each datagram processed through a VPN connection; and enabling a
customer to manage said journal records" on Page 3 #11.

Response to Arguments

18. Applicant's arguments filed 08/31/05 have been fully considered but they are not 
persuasive. 

19. In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant 
relies (i.e., Summary and comparison of the Art cited on page 22-30) are not 
recited in the rejected claim(s). Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See 
In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

20. As per remark on page 22-30, Applicant repeatedly argues that "The current
invention does not use "translates ports", "PNAT", "DNAT", "translate IP address 
based on MAC addresses", "PAP (Port Allocation Protocol)", and more .. ". 
However, nowhere in the language of any claims recites limitation that would 
restrict the implementation of a particular technology to carry out the invention. 
Examiner reminds the Applicant that although the claims are interpreted in light 
of the specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Application/Control Number: 09/578,215
Art Unit: 2135

21. In response to applicant's arguments, the recitation ("the steps executed at one
end..." in claims 1, 8, 11-17, and 20) has not been given patentable weight
because the recitation occurs in the preamble. A preamble is generally not
accorded any patentable weight where it merely recites the purpose of a process
or the intended use of a structure, and where the body of the claim does not
depend on the preamble for completeness but, instead, the process steps or
structural limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190
USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478,
481 (CCPA 1951).

22. As per remark on page 26, Applicant argues that "Jain does not use IKE to 
automatically generate security associations". Nevertheless, the language of 
claim 21 recites "dynamically generating NAT rules and associating them with 
manual or dynamically generated (IKE) Security Associations". Notice the 
limitation does not restrict to IKE security Associations only. The rejection basis 
of claim 17 would also be applied to reject to claim 21, which includes a manual 
encryption key to configure the VPN connection. The manual encryption key 
configuration is disclosed in AT reference on (page 2). Please refer to the 
rejection in Paragraph 14 above. 

23. In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant 
relies (i.e., "The AT reference does not utilize, and the integration of NAT with 
IKE and ... is the whole point of the present invention" on page 40-41 in regard to 
claim 8-11, and 17) are not recited in the rejected claim(s). Although the claims 
are interpreted in light of the specification, limitations from the specification are 
not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057
(Fed. Cir. 1993). Further, IP Sec-based VPNs can also be configured using 
manual keying association in both end of the connection, which is disclosed in 
AT reference on page 2. 



24. In response to applicant's argument in the last paragraph of page 38, that "Arrow 
(Col 10, lines 17-20) does not "generate journal records responsive to VPN 
connection" as stated in claim 11." Examiner disagrees. (Col 10, lines 17-20) 
clearly discloses that "Simple Network Management Protocol SNMP module 720 
gathers information and statistics from IP stack 712 that a system administrator 
might be interested in, such as communication traffic statistics". The 
communication traffic statistics here is referring to the VPN connection IP stack 
as disclosed in Arrow's invention. One of ordinary skill in the art would recognize
that the implementation of SNMP is common in the art to gather the statistical 
data in real time for administration purpose. Therefore, the statistical data is 
journal records responsive to VPN connection as claimed. 

25. In response to applicant's argument in the last paragraph of page 41, that "the
items 11-14 on page 3-4 and pages 4-5 have nothing at all to do with VPN NAT
type a or type c". Correction, the VPN NAT type a or type c is actually disclosed
in the items 11-16 on page 3-4 and pages 4-5. AT clearly discloses the
configuration of the VPN NAT connection in the configuration script for both
Router A and B in item 11-16. Particularly, in item 16 AT implements the "add ip
nat ip=10.1.1.0 mask=255.255.255.0 gblip=202.45.12.8" to route the inbound
traffic from the router 202.45.12.8 to the NAT ip destination 10.1.1.0/24 segment
(type c and d) and to route the outbound traffic from 10.1.1.0/24 NAT segment to
the gateway router 202.45.12.8 (type a). Similar configuration is also carried out
in router B on pages 4-5. Therefore, AT clearly discloses the VPN NAT type a
outbound source IP NAT, the VPN NAT type c inbound source IP NAT, and the
VPN NAT type d inbound destination IP NAT.

26. In response to applicant's argument in the 3rd paragraph of page 43, that "The 
Examiner then states, "... AT does discloses a method to enable GRE for 

Yes AT use generic routing encapsulation. (It is not specified at what RFC level; 
most likely it is RFC1702 since RFC2784 wasn't published until 2000, and the AT 
document is dated May 1998.)". Examiner does not agree with the Applicant. 
The fact that the date May 1998 of AT reference is enough to show the priority of 
teaching, which fully discloses the claimed invention of claims 8-11, 17, and 21 
as admitted by the applicant above. 

27. Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount 
to a general allegation that the claims define a patentable invention without 
specifically pointing out how the language of the claims patentably distinguishes 
them from the references. 

28. Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not
clearly point out the patentable novelty which he or she thinks the claims present
in view of the state of the art disclosed by the references cited or the objections
made. Further, they do not show how the amendments avoid such references or 
objections. 

29. In response to applicant's arguments against the references individually on page 
20-30, one cannot show nonobviousness by attacking references individually 
where the rejections are based on combinations of references (Remarks on page 
31-32). See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

30. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Linh LD Son whose telephone number is
571-272-3856. The examiner can normally be reached on 9-6 (M-F).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 